---
page_title: "cloudflare_ipsec_tunnel Resource - Cloudflare"
subcategory: ""
description: |-
  Provides a resource, that manages IPsec tunnels for Magic Transit.
---

# cloudflare_ipsec_tunnel (Resource)

Provides a resource, that manages IPsec tunnels for Magic Transit.

## Example Usage

```terraform
resource "cloudflare_ipsec_tunnel" "example" {
  account_id           = "f037e56e89293a057740de681ac9abbe"
  name                 = "IPsec_1"
  customer_endpoint    = "203.0.113.1"
  cloudflare_endpoint  = "203.0.113.1"
  interface_address    = "192.0.2.0/31"
  description          = "Tunnel for ISP X"
  health_check_enabled = true
  health_check_target  = "203.0.113.1"
  health_check_type    = "reply"
  psk                  = "asdf12341234"
  allow_null_cipher    = false
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `cloudflare_endpoint` (String) IP address assigned to the Cloudflare side of the IPsec tunnel.
- `customer_endpoint` (String) IP address assigned to the customer side of the IPsec tunnel.
- `interface_address` (String) 31-bit prefix (/31 in CIDR notation) supporting 2 hosts, one for each side of the tunnel.
- `name` (String) Name of the IPsec tunnel.

### Optional

- `account_id` (String) The account identifier to target for the resource. **Modifying this attribute will force creation of a new resource.**
- `allow_null_cipher` (Boolean) Specifies if this tunnel may use a null cipher (ENCR_NULL) in Phase 2. Defaults to `false`.
- `description` (String) An optional description of the IPsec tunnel.
- `fqdn_id` (String) `remote_id` in the form of a fqdn. This value is generated by cloudflare.
- `health_check_enabled` (Boolean) Specifies if ICMP tunnel health checks are enabled. Default: `true`.
- `health_check_target` (String) The IP address of the customer endpoint that will receive tunnel health checks. Default: `<customer_gre_endpoint>`.
- `health_check_type` (String) Specifies the ICMP echo type for the health check (`request` or `reply`). Available values: `request`, `reply` Default: `reply`.
- `hex_id` (String) `remote_id` as a hex string. This value is generated by cloudflare.
- `psk` (String, Sensitive) Pre shared key to be used with the IPsec tunnel. If left unset, it will be autogenerated.
- `remote_id` (String) ID to be used while setting up the IPsec tunnel. This value is generated by cloudflare.
- `user_id` (String) `remote_id` in the form of an email address. This value is generated by cloudflare.

### Read-Only

- `id` (String) The ID of this resource.

## Import

Import is supported using the following syntax:

```shell
$ terraform import cloudflare_ipsec_tunnel.example <account_id>/<tunnel_id>
```
